#!/bin/sh
#

# PROVIDE: stf
# REQUIRE: netif
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="stf"
desc="6to4 tunnel interface"
start_cmd="stf_up"
stop_cmd="stf_down"

stf_up()
{
	case ${stf_interface_ipv4addr} in
	[Nn][Oo] | '')
		;;
	*)
		# assign IPv6 addr and interface route for 6to4 interface
		stf_prefixlen=$((16+${stf_interface_ipv4plen:-0}))
		OIFS="$IFS"
		IFS=".$IFS"
		set ${stf_interface_ipv4addr}
		IFS="$OIFS"
		hexfrag1=`hexprint $(($1*256 + $2))`
		hexfrag2=`hexprint $(($3*256 + $4))`
		ipv4_in_hexformat="${hexfrag1}:${hexfrag2}"
		case ${stf_interface_ipv6_ifid} in
		[Aa][Uu][Tt][Oo] | '')
			for i in ${ipv6_network_interfaces}; do
				laddr=`network6_getladdr ${i}`
				case ${laddr} in
				'')
					;;
				*)
					break
					;;
				esac
			done
			stf_interface_ipv6_ifid=`expr "${laddr}" : \
						      'fe80::\(.*\)%\(.*\)'`
			case ${stf_interface_ipv6_ifid} in
			'')
				stf_interface_ipv6_ifid=0:0:0:1
				;;
			esac
			;;
		esac
		echo "Configuring 6to4 tunnel interface: stf0."
		ifconfig stf0 create >/dev/null 2>&1
		ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \
			prefixlen ${stf_prefixlen}
		check_startmsgs && /sbin/ifconfig stf0

		# disallow packets to malicious 6to4 prefix
		route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
		route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
		;;
	esac
}

stf_down()
{
	echo "Removing 6to4 tunnel interface: stf0."
	ifconfig stf0 destroy
	route delete -inet6 2002:e000:: -prefixlen 20 ::1
	route delete -inet6 2002:7f00:: -prefixlen 24 ::1
	route delete -inet6 2002:0000:: -prefixlen 24 ::1
	route delete -inet6 2002:ff00:: -prefixlen 24 ::1
}

load_rc_config $name

# doesn't make sense to run in a svcj: config setting
stf_svcj="NO"

run_rc_command "$1"
